CGA Verification

• The verifier know the sender IP address (CGA)

• The verifier gets the sender public key from CGA parameter

• The verifier checks the association between IPv6 CGA and the corresponding public key

• After then, the digital signature of ND message is verified

No PKI, CA or trusted servers is needed!

SEcure Neihgbor Discovery (SEND, RFC3971) describes Neighbor Discovery threats and protection